Solved How to rdr on internal interface (pf filter)

andrian · Sep 20, 2015

Hi friends, please help me:
On the server FreeBSD9.3-RELEASE(x64) run tor server at internal interface em0

Code:

address:port 10.144.40.2:13001

It works, I tested from workstation from local network (10.144.40.12).

Now I want to setting pf rule at tor server in order to packets from workstation to any destination were forward to tor server 10.144.40.2:13001.
There I write rule:

Code:

rdr pass on $if_int proto tcp from 10.144.40.12 to any port 80 -> 10.144.40.2 13001
root@freebsd:/ # pfctl -nf /etc/pf.conf
/etc/pf.conf:71: syntax error (this top line)

What is wrong?

junovitch@ · Sep 21, 2015

Code:

... -> 10.144.40.2 port 13001

See pf.conf(4) for details.

andrian · Sep 21, 2015

Oh, my eyes, thank you friends (word "port" in line not present).

SirDice · Sep 21, 2015

You will also want to keep an eye on this:

Code:

    Redirections cannot reflect packets back through the interface they arrive on,
     they can only be redirected to hosts connected to different interfaces or
     to the firewall itself.

From pf.conf(5).

andrian · Sep 21, 2015

Thank you, my new friend, problem solving.

Solved How to rdr on internal interface (pf filter)

andrian

junovitch@

andrian

SirDice

Administrator

andrian